Download social networkings

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts
no text concepts found
Transcript
NOVEMBER 2011, VOLUME 1, NO. 4
IT Europe
in
k
NETWORKING EDITION
Special European edition of Network Evolution e-zine | www.searchnetworking.co.uk
u
u
u
u
u
Applicationaware networking
emerges but
has far to go
Application awareness is
emerging on firewalls and
WAN optimisation devices,
but efforts fall short of
a network-wide strategy,
especially at Layers 2 and 3.
u
u
HOME
idealab
Where evolving network concepts come together
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
Employees Want
Social Networking
Tools
survey of 2,800
college students and professionals
under 30 shows the majority will “follow” or “friend” their co-workers and
managers on Facebook and Twitter,
indicating that millennials will freely
intertwine their personal and professional lives with social networking tools.
Cisco’s second annual Connected
World Technology Report also shows
66% of students and 58% of professionals consider a mobile device their
most important technology, even more
important than television. In the 2010
edition of the study, 60% of employees
globally said offices are unnecessary
for productivity.
Cisco focused the survey on students and young professionals so that
the company can “develop solutions
that help IT prepare for the next-generation workforce,” said Scott Gainey,
Cisco’s director of mobility product
marketing.
A CISCO-SPONSORED
Enterprise social networking tools
Cisco has already come to the table
with enterprise social networking software in Cisco Quad, but Gainey said
the company must continue to invest
in these efforts. As an example of an
expanded use of social networking
tools in the enterprise, Gainey
explained how Cisco and other companies are proactively mining social net-
58% of professionals
under 30 consider a
mobile device their
most important
technology.
working communities for customer
service complaints as users increasingly turn to these forums for support.
“It’s not that they are dissatisfied
with traditional call-in [customer service], but they’re finding there is a peer
base of people they can draw on and
get questions answered more quickly,”
said Gainey.
IT IN EUROPE E-ZINE • NOVEMBER 2011
2
IDEA LAB
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
Eventually, enterprise social networking tools will enable corporate
community space with wikis, blogs, live
chat and collaboration that allow users
to pull mission-critical data and applications into the shared forum.
Enterprise mobility
“The traditional applications that people are using today [on mobile devices]
are mostly email and collaboration, and
these sit outside the firewall. But that
changes if you start to look at some of
these new core applications like Informatica’s new cloud integration application where you [reach into] the internal
workings of the data centre,” said
Gainey. “We’re seeing a convergence
of mobile technology with social networking and core applications.”
In addition, as demand for enterprise
mobility grows, Cisco will be looking
for ways to stretch security across
enterprise Wi-Fi and cellular networks.
“We have to look at how we can build
trusted networks not just for conventional IT but for service providers, and
then how can we link those so that data
can be secured,” said Gainey. “That’s
where I think you will see the majority
of investment in the coming year.” ■
RIVKA GEWIRTZ LITTLE , Senior Site Editor,
TechTarget
CISCO CONNECTED WORLD REPORT:
SOCIAL NETWORKINGS
A survey of professionals under 30 revealed the importance
of social networking for the next-generation workforce.
88%
73%
33%
70%
68%
Percentage of employees who have Facebook accounts
(90% of college students have them)
Percentage of employees who check their Facebook accounts at
least once a day (81% of students check theirs once a day)
Percentage of all respondents check Facebook accounts at least
five times per day
Percentage of employees surveyed friended their co-workers and/
or managers on Facebook
Percentage of employees who follow their co-workers and/
or managers on Twitter
SOURCE: CISCO CONNECTED WORLD REPORT. SEPTEMBER 2011
IT IN EUROPE E-ZINE • NOVEMBER 2011
3
IDEA LAB
Who Needs MPLS?
A Dark Fibre Network
Saves York Councils
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
CITY OF YORK COUNCIL (CYC)
set out to
rethink its patchwork of network service
contracts for voice and broadband and
ended up building a city-wide dark fibre
network that delivers fixed and wireless free public Internet access to all
York libraries. Those services will be expanded into public parks later this year.
CYC’s dark fibre network design
The city-wide network is a metro Ethernet design with a single mode fibre
backbone. There are two core 10 GB
fibre rings, one for schools and one for
the council. Both rings are linked via
five POP sites, with OSPF as the backbone routing protocol.
“The fibre ring is effectively a ’dark
fibre’ install which means that potentially any kit can be attached in the
future, such as WDM (wavelength division multiplexing), which can, in effect,
give you almost unlimited bandwidth,”
said Roy Grant, head of ICT at CYC.
So far there are 104 sites connected
to the network, all on 1 GB uplinks, and
City Fibre has laid around 100 km of
fibre.
The single mode fibre is driven using
SNMP managed transition media converters located in two chassis at the
five POPs and at remote sites. The
transition units convert the fibre into
Cat 6 copper, which then plugs into
two HP 5406 chassis—one for council
and one for education—in the POPs
and HP 2610 switches at the edge.
Both pieces of kit are managed for
alarms, and the links are monitored
and measured for traffic utilisation.
Makings of a dark fibre
network rollout
The deployment team selected a few
sites to roll out a staged cutover, and
when that went well, it accelerated the
rate of deployment. The issues that
faced the council were not at all technical network problems: “If I had to do
the same work again I would ask more
environmental questions,” said Grant.
“We were struggling to get access over
one of the railway bridges because [the
owners] were slow to respond. If there
were lessons learned it was around
where you need access to areas or
buildings that you don’t own. Five or six
sites were delayed a little bit due to
access over just one railway bridge.”
CYC has ended up with a single
unified IP network across the city,
“an outcome that we never thought
we would get anywhere near when we
started the tender process,” said Grant.
“We have a footprint in York now that
puts us in the top five or 10 councils in
the UK in terms of being future proof.
Most importantly it has exceeded any
upcoming guidelines for school connectivity and will support around
24,000 pupils,” he said. ■
TRACEY CALDWELL Tracey Caldwell is a professional freelance business technology writer.
IT IN EUROPE E-ZINE • NOVEMBER 2011
4
IDEA LAB
CRITICAL CONSIDERATIONS
FOR APPLICATION-AWARE FIREWALLS
Here’s how respondents to a recent TechTarget survey on application-aware firewalls ranked the most useful questions when making a firewall purchasing decision.
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
What security functions, besides port
and protocol identification, does
your firewall product perform?
Can your firewall product enforce
varying policies on different types
of application traffic? How?
Does your firewall product integrate
intrusion prevention functions?
Can it truly substitute for a separate IPS?
How does your firewall product
identify and classify different types of application traffic?
Does your firewall product incorporate user
identity access and management? What
directories does it interoperate with?
Can your firewall product enforce
varying policies on specific features
or content within an application? How?
What are the performance ratings
on your firewall product?
How does your product distinguish
itself as truly next-generation?
What is the architecture behind
your firewall product?
What is your plan for users integrating these
products into their security infrastructure?
How does your company define and
accomplish firewall “intelligence?”
0
20
40
60
80
100
120
140
160
SOURCE: "APPLICATION-AWARE FIREWALLS 2011 SURVEY," TECHTARGET, INC. JULY 2011. N=221 I.T. MANAGERS
IT IN EUROPE E-ZINE • NOVEMBER 2011
5
IDEA LAB
Virtual Extensible
SLAN: Awesome or
Braindead?
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
Virtual Extensible LAN (VXLAN)
announcement made by Cisco and
VMware at the recent VMworld event
has caused quite a ruckus among networking engineers (I actually received
an email with the subject I used for the
title of this post). We wonder: Is this
another ploy to get rid of the pesky networking people in a virtual environment or does this actually make sense?
The truth, as always, is somewhere in
the middle. Fast Packet Blogger Ivan
Pepelnjak provides answers some key
questions on VXLAN.
THE
What is VXLAN?
It’s a very simple MAC-in-UDP encapsulation scheme allowing you to build
virtualised Layer 2 subnets spanning
multiple physical IP subnets.
Why do we need a new technology?
There are several existing MAC-over-IP
standards—including EtherIP and
bridging over GRE tunnels—but none
of them addresses the need to go
beyond VLAN-based segment tagging,
which limits you to 4,096 distinct
VLANs. Even if you could use these
standards to implement logical segments, you would have to dig deep into
the MAC header (in the payload) to
find the virtual segment ID. VXLAN
uses a 24-bit segment ID, which allows
you to deploy millions of virtual segments in a single data centre. Furthermore, the VXLAN packet format is
easy to implement in hardware, opening the door for future tighter integration with physical networking gear.
Is VXLAN another proprietary
technology?
No. It started as an IETF draft coauthored by VMware, Cisco, Arista,
Broadcom, Citrix and Red Hat. It would
be hard to get a better team (You can
guess that Arista and Broadcom have
joined the efforts since Broadcom is
making chipsets that Arista is using in
data centre switches.)
When would I need VXLAN?
Contrary to some claims that “you
should consider VXLAN if you have
more than 250 virtual machines in
your data centre” (Who doesn’t?), you
should consider VXLAN if you need
hundreds of logical segments. Stick
with time-tested technologies like
VLANs if you need just a few—or a
few tens—of logical segments.
Is there a difference
between VLANs and VXLAN?
VXLAN obviously scales better—
4,096 VLANs versus 16 million VXLAN
segments—but it has a tremendous
handicap at the moment: A logical subnet using VXLAN encapsulation cannot
communicate with the physical devices
such as switches, load balancers or
firewalls, although one would expect
IT IN EUROPE E-ZINE • NOVEMBER 2011
6
IDEA LAB
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
some data centre switch vendors to
implement Layer 3 VXLAN termination
support. The only way you can connect
a VXLAN segment to the outside world
is through a virtual Layer 3 appliance
such as vShield Edge, Vyatta router or
F5 load balancer—having one vNIC in a
physical VLAN and one or more vNICs
in VXLAN segments.
Can I run VXLAN across
any IP network?
Almost—it does require IP multicast
to implement Layer 2 flooding (broadcasts or multicasts).
Can I use VXLAN to implement
long-distance VM mobility?
I wouldn’t. The technology allows you
to do that—assuming you can propagate IP multicast between the data
centres—but just because you can
doesn’t mean that you should. VXLAN
has no mechanism to alleviate longdistance traffic trombones that will
inevitably start to appear once you
spread the virtual machines in the
same logical subnet across multiple
data centres.
What then is the VXLAN’s
sweet spot?
VXLAN is an ideal technology to use
if you’re building a totally virtualised
Infrastructure-as-a-Cloud service
where you want to rely on customerconfigured virtual appliances to connect the customer subnets with the
outside network. ■
IVAN PEPELNJAK, CCIE No. 1354, is a 25-year
veteran of the networking industry.
APPLICATION-AWARE STORAGE DEFINED
is a storage system with built-in intelligence about relevant applications and their utilisation patterns. Once the storage “understands”
the applications and usage conditions, it is possible to optimise data layouts,
caching behaviors and Quality of Service (QoS) levels. This is a particularly challenging goal because application-aware storage does not run application code
locally. Instead, it demands significant integration of the operating system (OS),
the host bus adapter (HBA) and the applications themselves.
Application-aware storage allows storage managers to better utilise commodity disks for low-priority applications, while still getting the best possible performance, capacity and reliability for mission-critical applications. Application awareness can be particularly useful for boosting performance in storage-intensive
tasks such as archiving, backups, disaster recovery, replication, data modeling
and index/search. —BY WHATIS.COM
APPLICATION-AWARE STORAGE
IT IN EUROPE E-ZINE • NOVEMBER 2011
7
COVER STORY
APPLICATION-AWARE
NETWORKING
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
EMERGES
BUT HAS FAR TO GO
Application awareness is emerging on firewalls
and WAN optimization devices, but efforts fall short of a
network-wide strategy, especially at Layers 2 and 3.
BY SHAMUS MCGILLICUDDY
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
environment dominated
by cloud computing, mobility and
Web-based applications, enterprises need smarter, application-aware
networks to ensure performance.
But while application awareness is
emerging on individual Layer 4-7
network components, such as firewalls and WAN optimisation appliances, there’s still a way to go in
generating application-intelligent
policy across these components.
What’s more, application intelligence in Layers 2 and 3, where it
could be most crucial, is a way off.
IN A BUSINESS
WHY THE NEED FOR APPLICATIONAWARE NETWORKS NOW?
Ten or 15 years ago, Layer 4 visibility
was application-aware enough. If a
router could see the port destination, it could make a decent guess
about the nature of the application
and apply quality of service (QoS)
policy. With the same information, a
firewall could decide whether to
allow or deny traffic. If it was headed for Port 80, for example, it was
pretty clear that it was HTTP traffic.
It was a best-effort affair.
But today, best effort isn’t good
enough. Hundreds of applications
are running over HTTP, including
video conferencing, SalesForce.com
and even hosted SAP applications,
and the network needs to get
smarter and go deeper into these
applications in order to enable high
performance.
“How does video within a conferencing session with a potential
IT IN EUROPE E-ZINE • NOVEMBER 2011
8
APPLICATION-AWARE NETWORKING EMERGES BUT HAS FAR TO GO
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
client look relative to highlights from
a football game?” said Christian
Moses, chief technology officer of
E.K. Riley Investments, an independent brokerage and investment advisory firm headquartered in Seattle.
“In a traditional network, it just
looks like video data, but from a
business standpoint we all know
that people are going to be watching
video on YouTube in the corporate
network. You have to take that into
consideration; otherwise you are
prioritising slacker time.”
LAYERS 4-7 APPLICATION AWARENESS
IS HERE, BUT MUST EVOLVE
WAN optimisation and application
delivery controllers have become
increasingly application-aware and
more sophisticated about how they
optimise and accelerate applications, which is well understood and
appreciated by network engineers.
Meanwhile, firewalls have moved up
the OSI stack to Layer 7 in order to
adapt to the evolving threat landscape.
“[Legacy] firewalls are dead.
There is no firewall anymore,” said
Doug Tamasanis, chief IT architect
and director of networks and security for Kronos Inc., a Chelmsford,
Mass.-based workforce management solutions company. “You open
up three or four ports, and you
might as well throw out your firewall. So the only hope you have is
going up the stack to start looking at
applications.”
To secure and optimise his network, Tamasanis is adopting technology that looks beyond ports and
protocols with new applicationaware firewalls from Palo Alto Networks and new WAN optimisation
appliances from Silver Peak that can
do packet-level optimisation.
All three classes of network appliances—firewalls, application delivery
controllers and WAN optimisation
controllers—are managing traffic
based on application awareness, but
they quite often exist as islands
within the infrastructure, which
lessens their overall effectiveness.
“It would be great if you could say,
’here is an application and I want all
three classes of tools in my network
to recognise that application is
important, and I want to apply a
consistent set of policies around it
regardless of where I’m seeing it,’”
Frey said. “There is some argument
that you won’t see all the same
applications at each of those viewpoints, and that’s probably true. But
with a select group of critical applications, you could.”
Citrix Systems, whose products
include NetScaler application delivery controllers, Branch Repeater
WAN optimisation products, and
Access Gateway SSL VPN controllers, envisions a future where the
service and application delivery fabric formed by its products could
IT IN EUROPE E-ZINE • NOVEMBER 2011
9
APPLICATION-AWARE NETWORKING EMERGES BUT HAS FAR TO GO
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
become a control plane for the rest
of the network.
“In a heterogeneous fabric, you
can envision components talking to
each other using a protocol that is a
variation on OpenFlow,” said Sunil
Potti, vice president of product management and marketing at Citrix.
“Today, OpenFlow is a protocol that
allows heterogeneous switches to be
controlled using a particular standard, but it’s only Layer 2/Layer 3.”
Citrix is exploring ways to make
the rest of the network more application-aware by decoupling the
control plane of its NetsScaler
ADCs and applying it to Layer 2 and
Layer 3 infrastructure, much like
OpenFlow allows a server to serve
as the control plane of a Layer
2/Layer 3 network. The NetScaler
SDX model, for instance, has a builtin hypervisor that allows companies
to run third-party network services
within the same box.
“If you have a have a NetScaler
SDX in the data centre and a wireless LAN controller in the campus,
you could instantiate that wireless
LAN controller on the SDX and
exchange control protocols with it,”
said Potti. “We [Citrix NetScaler]
recognise that a virtual desktop
infrastructure (VDI) session is emanating from the data centre: Typically when it goes to the wireless network, it has no clue about that.
What if you are able to construct
protocols that go to the wireless
data network and say, ’hey, this is a
VDI session’? Then you can apply a
lot of QoS and other policies.”
APPLICATION-AWARENESS
AT LAYER 2 AND LAYER 3 NOT
JUST FOR SERVICE PROVIDERS
While application awareness for
Layers 4-7 is emerging, intelligence
at Layer 2 and Layer 3 could take
longer and could be more costly.
“The application awareness stuff is
not cheap in terms of resources. You
need to do deep packet inspection
to drag part of a HTTP header or
decode part of an FTP string. That’s
a heavier resource requirement,
which means that application
awareness capabilities are typically
found in higher-end devices that
have more processors and more
programmable silicon. In the access
layer, there’s not a lot of unused silicon. This is a real problem because
of the interest in monitoring the
wireless mobile access layer of networks, where you have a lot of people coming in with Internet-enabled
devices,” said Adam Powers, CTO of
Lancope, which sells the StealthWatch NetFlow analysis product.
Cisco Systems has also expanded
the number of devices in its portfolio that support NetFlow v9 and
IPFIX, the network flow protocols
that allow switches and routers to
export application-aware information to the management tier. The 2-
IT IN EUROPE E-ZINE • NOVEMBER 2011
10
APPLICATION-AWARE NETWORKING EMERGES BUT HAS FAR TO GO
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
terabit version of the Catalyst 6500,
the Catalyst 3750-X and Catalyst
4500 all export this programmable
NetFlow.
In fact, Cisco considers application-aware networking so fundamental that it is bringing carrier
grade deep packet inspection (DPI)
capabilities to its entire portfolio of
enterprise routers. “We think application awareness has to become a
core attribute of that edge [router]
device at remote sites and central
sites,” said Scott Harrell, senior
product director of network systems
at Cisco. “We launched the first
phase of that on the ASR series in
July, and we’re going to bring it to
the whole portfolio of access routers
in November.”
Cisco’s Application Visibility and
Control (AVC) solution will roll out
to the company’s popular Integrated
Services Router (ISR) line this fall,
integrated into the router’s operating system.
“In the old world—the Layer 3/
Layer 4 world—having port-based
visibility was sufficient. I could use
that to tell a lot about what the
application was. I could decide how
to apply controls to it and how to
apply optimisation to it. As you fast
forward and everything becomes
Web-enabled, you need to be more
and more Layer 7-aware and application-aware and to be able to apply
all your network services on that
layer. We’re also looking to populate
the ability to recognise different
media streams, not just application
flows but also video traffic, so that
you can prioritise and appropriately
treat those streams,” Harrell said.
Cisco considers
application-aware
networking so
fundamental that it is
bringing carrier-grade
DPI capabilities to
its entire portfolio
of enterprise routers.
“If I am in a branch today and
have an ISR connected to an ASR at
the head end, and I have a QoS policy that says HTTP is best effort, my
problem is that my SAP Business
Objects is on the Web. My video
communications is on the Web,” he
said. “That’s all on Port 80. I don’t
want that traffic to be scavenger
class. I want to be able to differentiate traffic within that class and treat
it differently based on the business
value. Today that is a very difficult
thing to do and not well suited to
the Web, which is constantly changing.” ■
SHAMUS MCGILLICUDDY is the News
Director for TechTarget Networking Media.
IT IN EUROPE E-ZINE • NOVEMBER 2011
11
CASE STUDY
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK
AND APPLICATION
MONITORING
A LONDON SCHOOL BEEFS UP SERVICE
Application performance monitoring tools must
provide visibility to everything from storage I/O to remote
end-user access and a whole lot in between.
BY JOHN BURKE
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
in North London gained an extra 600 students
and began the move into a virtualised environment, network manager David Crawley knew the school
would need network and application
monitoring tools to support growth.
Over time, Park High’s network
has developed piecemeal, connecting a total of 1,700 students and 170
staff, with support for a mixture of
laptops, desktops, thin clients, PCs,
Macs and a partially virtualised
server estate.
“As with most schools, it’s very
much something that has grown
sporadically over the years, and we
do tend to run computers a year or
two longer than ideally you’d like to.
So it can be quite a challenging netWHEN PARK HIGH SCHOOL
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
work to manage,” said Crawley.
In the past, attempts to monitor
the network were “probably a little
backwards,” he added. “If you had a
device that was slowing down your
entire network, to track that back
you’d pretty much have to start at
the centre of your network and work
out step by step, he said.
“[You would] log on to every
switch individually, see if there was
a particular port that was having too
much traffic. If the traffic was too
bad, you may not even be able to log
on to a switch; you’d end up having
to take a laptop, plug a console
cable in and query it directly.”
Old-school troubleshooting is
especially lacking considering the
strain that virtualisation can place
IT IN EUROPE E-ZINE • NOVEMBER 2011
12
NETWORK AND APPLICATION MONITORING: A LONDON SCHOOL BEEFS UP SERVICE
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
on networks. “[With virtualisation]
one of the key aims is to get more
processing power out of each physical server by loading it with as many
virtual machines as is reasonable.
That stresses the network and the
network bandwidth, and network
I/O assigned to a physical server
may become the main performance
bottleneck, rather than CPU and
storage,” said Quocirca analyst Bob
Tarzey.
So Crawley sought a network
monitoring tool that could handle
both physical networks and virtual
environments, choosing to pilot the
PRTG Network Monitor from
Paessler, which provides a real-time
view of network activity as well as
historical reporting.
The monitoring tool would start
by taking on the physical network,
which is based on a 10 GB, 12 core
fibre backbone with 1 GB fibre links
and HP ProCurve switches. This
summer, Crawley’s team also
installed a new wireless system
based on Netgear wireless routers
with a Wavesight wireless bridge
that went live at the start of the new
term in September 2011.
APPLICATION MONITORING
IN THE NETWORK
After first focusing on basic network
functions, Crawley will extend the
reach of the monitoring tool to look
more deeply at how applications are
performing. “We are in [the]
process of updating our school’s
website, and once the new system is
in place, we’ll monitor the external
Web server,” said Crawley.
One of the key aims
of virtulisation is to
get more processing
power out of each
server by loading it
with as many virtual
machines as possible.
Eventually that monitoring will
drill down into some applications to
look at specific transactions. “We do
have the ability to monitor something that runs on a server as a service. I can monitor their uptime and
make sure that they’re not exceeding any threshold and that they’re
just essentially working for people.”
Yet some applications are still
beyond the reach of most network
monitoring tools. “It would be useful
if you could monitor certain applications, but a lot of that comes down
to the application developers themselves making that information
available to external monitoring
solutions to read. That interoperability isn’t always there,” he said.
Still, applications that are available for monitoring can be used as a
IT IN EUROPE E-ZINE • NOVEMBER 2011
13
NETWORK AND APPLICATION MONITORING: A LONDON SCHOOL BEEFS UP SERVICE
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
gauge for how well networks are
working and vice versa, said Tarzey.
“When it comes to monitoring
application performance, there are
aspects you can report on which do
not need much access to the application itself; for example, end-toend performance ... if you can establish that the network is working well,
then that is the time to take a closer
look at the application, however you
achieve that,” he said.
NETWORK MONITORING
IN A VIRTUAL ENVIRONMENT
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
The monitoring solution also allows
Crawley to keep a weather eye on
the virtualised estate and pre-empt
any bottlenecks, as well as avoid
overprovisioning. Yet this is mostly
a manual operation. “It’s very useful
to see if one of my physical hosts is
particularly overloaded for the task,
[so I can] migrate certain virtual
servers to other hosts,” said
Crawley.
Using the PRTG monitoring tool
also enables Crawley to avoid overprovisioning. “The PRTG monitoring
has been helpful if I’m taking services or servers that are currently running on physical hosts and determining just how much processor
capacity and RAM they actually
needed to give to the virtual
machine. It’s meant that we can
then not need to overprovision our
virtual servers too much and make
more use of what we’ve got.”
What’s more, remote monitoring
of the virtual environment and network proved invaluable during a
recent outage. “I was on holiday
Applications that
are available for
monitoring can be
used as a gauge for
how well networks
are working and
vice versa.
and one of our fans went offline,”
Crawley said. “This took out about
two-thirds of our virtual machines,
and at the moment the majority of
our servers are now running on virtual machines, so that essentially
took out the majority of the network.
“I was able to get on to the network remotely, see exactly which
fan had gone down, which physical
hosts it had taken down, which virtual machines were down. I was
able to get the network back up
and running from home within 45
minutes.” ■
TRACY CALDWELL is a UK-based technology
journalist.
IT IN EUROPE E-ZINE • NOVEMBER 2011
14
TECHWATCH
SERVICE
ASSURANCE
TOOLS
FINALLY COME OF AGE?
HAVE
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
Vendors have long promised that service assurance tools
could monitor across IT systems, but they’ve always fallen short.
Are these tools finally growing up?
BY RIVKA GEWIRTZ LITTLE
Whether or not a
specific link on your network is
healthy is the least of your worries.
In fact, service assurance (SA) vendors warn that networking is only a
tiny fraction of what can go wrong
behind an application, yet poor user
experience still falls at least partially
on the shoulders of the networking
team. That’s where SA tools come in.
SA tools monitor across IT infrastructure and report into a single
console where the information can
be analysed to track both the root
cause behind poor application performance and troubled end-user
experience. The idea is to take monitoring completely away from specific infrastructure elements, such
HERE’S A CONCEPT:
as networks, storage, servers, virtual
machines and databases, and
instead examine the interdependencies among these systems.
“The problem is not just the network or the servers; it’s that and
everything in between,” said Steve
Shalita, vice president of marketing
at management and monitoring
company NetScout. Multi-tiered
applications, for example, depend
on a collection of middleware,
servers and databases that can all
cause problems, he said.
What’s more, the emergence of
virtualisation and converged storage/data centre networks have only
increased the need for correlated
event analysis.
IT IN EUROPE E-ZINE • NOVEMBER 2011
15
HAVE SERVICE ASSURANCE TOOLS FINALLY COME OF AGE?
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
“Ten years ago you had Fibre
Channel SAN, and if there was a
problem, you knew what HBA (host
bus adapter) was attached to a specific server, and you knew which
application was affected,” said Bob
Laliberte, senior analyst at Enterprise Strategy Group. “Now servers,
networks and storage are all interdependent, and with virtualisation,
you need new tools that are able to
accommodate a dynamic infrastructure.”
But tossing aside elemental monitoring for an integrated approach
may not be so easy. For one thing,
users question whether there is
really any one tool good enough to
handle the job.
“I am not aware that anyone has
come up with a magic bullet,” said
Carl Mazzanti, vice president of network strategies at systems integrator eMazzanti Technologies. “The
number of vendors you have to be
able to interoperate with in order to
make this work is so high. Think
about how many firewall companies
and disk manufacturers [in addition
to switch, router, server and storage
vendors] you would need to work
with.”
Even if you could build a tool that
talked to every system, in many
cases, individual monitoring tools
fall short or can be difficult to manage, so some users question the
point of integrating their information.
“All network monitoring tools are
flawed from the perspective that
unless there is a custom signature
and you have the resources to create a solid baseline, you can’t get
“I am not aware that
anyone has come up
with a magic bullet.”
—CARL MAZZANTI
VP of Network Strategies,
eMazzanti Technologies
much done,” said a network engineer at a multinational consulting
firm, explaining that most reporting
from these tools can be so overwhelming that it is never read or
analysed. “A simple collection of
data requires a little tuning and a lot
of massaging, so you need a tool
that can do this now across all of
that reporting. I haven’t seen one
that exists yet.”
Even more troubling to users is
that the term service assurance is
only being thought of as a way to
rebrand technology that has been
tried in the industry for decades but
has always ended up as a project
tossed-aside on an IT shop shelf.
“Nearly 20 years ago, CA was
selling Business Process Views as
part of Unicenter,” said Rob England,
an IT consultant and creator of the
IT Skeptic blog. “Nowadays all the
IT IN EUROPE E-ZINE • NOVEMBER 2011
16
HAVE SERVICE ASSURANCE TOOLS FINALLY COME OF AGE?
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
vendors promise a service-level
view of status in their monitoring
tools, and a service entity-type in
their CMDB. It runs well in a simple
demo, but it is either too expensive
to set up or manage for the majority
of organisations. In general, I think it
is a tech geek fantasy of a magic
tool solution to a very difficult problem.”
WITH SO MUCH SKEPTICISM,
WHY BOTHER WITH SA TOOLS?
IT managers may be more convinced to invest in SA tools if they
could prove return on investment.
And that’s not impossible if these
tools actually work and user-facing
applications suddenly begin to perform better.
What makes SA tools different
than basic monitoring tools is that
they provide information about IT
functions to the business side of an
organisation as well as the IT shop,
aiming to better support missioncritical applications, or applications
that would most hurt business productivity if they go down.
SA tool users start by identifying
these applications and then creating
service models and baselines to
measure them by.
So, for example, in supporting a
customer relationship management
(CRM) application, the SA tool
would take into account Oracle on
the back end, WebSphere for the
front end, tools for security and network identity, as well as all of the
servers and network links that support these.
CA’s Service Assurance tools—
like those from most vendors—set
“an intelligent baseline that understands what performance looks like
at 8 a.m. Monday and how that’s
different than Friday at 4 p.m.,” said
Patrick Ancipink, vice president of
marketing at CA. Then it uses that
information to seek out anomalies.
DIFFERENT COMPANIES, DIFFERENT
APPROACHES, BUT WHICH IS RIGHT?
No one takes issue with the idea of
seeking out anomalies. Users are
more concerned with how these
tools will reach across systems.
Some vendors offer SA tools that
include home-grown monitoring
applications, while others seek to
funnel information from existing
monitoring tools into a joint console
for analysis. Which tool to choose
depends on the existing monitoring
investment.
“If [users] just made an investment in individual domain tools, it’s
going to be hard to justify replacing
all of that and bringing in something
new,” said Laliberte. On the other
hand, tools that are built to work
together for application support
may be more effective.
CA’s SA strategy is made up of a
patchwork of monitoring tools the
IT IN EUROPE E-ZINE • NOVEMBER 2011
17
HAVE SERVICE ASSURANCE TOOLS FINALLY COME OF AGE?
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
company has either acquired or
developed over the years, including
network monitoring from its NetQoS acquisition and application performance management from its
Wily acquisition. Those tools work
alongside the company’s Spectrum
network infrastructure management
tool that looks at everything from
NetFlow information and packet
information to line code and application response time. The SA console then pulls the information into
a series of maps and impact graphs
for both root cause analysis and predictive modelling.
For Zenoss, an open source monitoring and management software
provider, the ability to adapt to
working with any existing system
and domain-based monitoring tool
is its biggest advantage.
“We can talk to any system out
there, whether it’s via data protocol
like SSH or application protocols like
Apache consoles or JBOSS. On the
virtualisation front, we’ve gone further to manage Cisco UCS; we talk
to VMware vCenter, to Puppet and
to Openstack,” said Floyd Strimling,
a cloud technical evangelist for
Zenoss. “We can monitor the application stack, the server stack, the
storage stack, the virtualisation
stack, network components and
speciality components, like environmental systems and power.”
In fact, Zenoss purposely uses
existing network monitoring so as to
avoid “recreating the wheel,” said
Strimling. “We haven’t gone into
wanting to becoming Cflow or
Jflow—or any flow. We can gather
that data and bring it into the system via partnerships with Infoblx or
Plixer. There are certain things in
While visibility across
the IT spectrum is
the defining factor
of an SA tool, network
monitoring itself
plays a crucial role.
networking that are well defined,” he
said.
While visibility across the IT spectrum is the defining factor of an SA
tool, network monitoring itself plays
a crucial role—specifically packet
sniffing, or deep packet inspection
(DPI).
NetScout—which specialises in
packet sniffing—places its tools
across the IT spectrum. One monitoring tools sits physically in the
data centre, looking at transactions
in real time. Virtual appliances sit in
each virtual server, and another virtual appliance can live in a Cisco
Integrated Services Router (ISR).
But NetScout tools look at the packet as it travels through all of these
areas. “We see the packet as the
IT IN EUROPE E-ZINE • NOVEMBER 2011
18
HAVE SERVICE ASSURANCE TOOLS FINALLY COME OF AGE?
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
source of intelligence. It is the one
thing that touches every aspect of
service delivery; it touches every
single piece of technology that
makes an application work,” said
Shalita.
VIRTUALISATION AND THE CLOUD
MAKE SA MONITORING EVEN MORE
COMPLEX
When it comes to virtualisation and
the cloud, following data paths isn’t
so easy. The biggest complaint
among networking professionals is
the lack of traffic visibility in a virtual environment. In fact, even systems teams have a problem with
visibility.
“We put a monitoring agent on
every virtual machine—on the host
and the client application—but it
can only tell you so much,” said
Mezzanti.
And virtualisation doesn’t stop at
the server. As companies build out
private clouds, they are moving
toward using what is basically a network hypervisor in which the control
plane of the network is decoupled
from the physical components so
that network managers have more
granular control over resources.
These so-called network hypervisors will also have to provide visibility for SA tools in order to ensure
application performance, said
Strimling.
Without that kind of visibility,
moving applications into both private and public clouds will be
impossible. At this point, though,
most cloud providers are not
focused on the level of end-user
experience that enterprises and
even smaller companies need. So in
addition to making very complex
internal reporting systems work, SA
users will have to place their monitoring tools in the cloud and integrate this information into their
management consoles—and that’s a
long way off.
“What’s going to have to happen
is that cloud providers will have to
make investments in SA just like
enterprises,” said Shalita. In the
meantime, companies may have to
place their own monitors on their
portion of the cloud.
A NEW IT JOB:
SERVICE ASSURANCE MANAGER
Breaking down silos within IT organisations has been a running theme
in the industry over the past couple
of years as IT professionals grapple
with managing virtualised environments and converged networks. Yet
even as IT pros realise that working
together might help in designing
and managing complex environments, there is still resistance to
unification, as well as finger pointing
between groups when something
goes wrong.
While SA tools aim to eliminate
IT IN EUROPE E-ZINE • NOVEMBER 2011
19
HAVE SERVICE ASSURANCE TOOLS FINALLY COME OF AGE?
HOME
IDEA LAB
APPLICATIONAWARE NETWORKING EMERGES BUT
HAS FAR TO GO
NETWORK AND
APPLICATION
MONITORING:
A LONDON SCHOOL
BEEFS UP SERVICE
HAVE SERVICE
ASSURANCE TOOLS
FINALLY COME
OF AGE?
the blame game when it comes to
performance issues, they also
require cooperation between IT
groups. What’s more, to make SA
effective, implementation and
reporting need to be shared with the
business side of the house. That’s
why many SA vendors foresee the
emergence of an SA manager who
can interface among internal parties.
“This person would look across
domains and say, ’I have five problems that are affecting business
services, which is the highest
impact?’” explained Ancipink.
NetScout’s Shalita sees the new
role of service assurance manager
as being a “manager of managers,”
or someone that collects the useful
information and presents it to each
group so that no one is swimming in
data. That’s meant to address the
issues of complexity that many
users see related to SA tools.
Until there are tools that can be
depended upon across virtual environments and the public cloud, it is
highly unlikely that SA managers
will become a dime a dozen.
“These [vendors] are in the right
spot. We need [SA tools], customers are asking for them and
solution providers are waiting to see
who delivers the best first,” Mazzanti said. ■
Network Evolution Ezine is produced by
TechTarget Networking Media.
Rivka Gewirtz Little
Senior Site Editor
[email protected]
Shamus McGillicuddy
Director of News and Features
[email protected]
Kara Gattine
Senior Managing Editor
[email protected]
Linda Koury
Director of Online Design
[email protected]
Kate Gerwig
Editorial Director
[email protected]
FOR SALES INQUIRIES, PLEASE CONTACT:
Tom Click
Senior Director of Sales
[email protected]
617-431-9491
RIVKA GEWIRTZ LITTLE is the Senior Site
Editor for TechTarget Networking Media.
IT IN EUROPE E-ZINE • NOVEMBER 2011
20